1. Field of the Invention
The present invention relates to a plurality of information devices which are linked by a communication link in an encryption utilization communication system for protecting digital data transmitted on the communication link between the plurality of information devices.
2. Description of the Prior Art
It has become increasingly common that video productions such as movies are digitized and compressed. Such digitized and compressed video productions hardly suffer from picture degradation, so that users can always enjoy video productions with high picture quality. While analog video productions which have been repeatedly dubbed have profound loss in picture quality, digitized video productions which have been repeatedly dubbed have no picture degradation.
In other words, digitized video productions are far more susceptible to copyright infringement acts, such as unauthorized production of dead copies and unauthorized alteration, than analog video productions. When such dead copies or altered video productions are distributed, producers of the original digitized video productions will suffer tremendous damage. Because of this danger, the producers are cautious of having their video productions digitized. Accordingly, the issue concerning the digitization of video productions is whether such productions can be protected against copyright infringements.
It should be noted that dead copies of a video production can be produced by connecting a video reproduction device for reproducing a recording medium on which the video production is recorded and an information recording device for recording the reproduced video production onto a recording medium. On the other hand, unauthorized alteration of a video production can be performed by connecting a video reproduction device for reproducing a recording medium on which the video production is recorded and a video editing device for temporarily storing the reproduced video production onto a hard disc for later editing.
In order to prevent such infringements, video reproduction devices which reproduce video productions must prevent the video productions from being distributed to unauthorized devices, such as information recording devices or digital information copying devices. For this purpose, when a video reproduction device is linked to such a device via a communication link, it is necessary for the video reproduction device to verify the authenticity of the device.
The most representative techniques used for verifying the authenticity of the device in communication are authentication methods. In these methods, a transmitter device verifies the authenticity of a receiver device, and only proceeds to transmit data to receiver devices that have been successfully verified, thereby preventing unauthorized devices from receiving the data. It should be noted here that since the receiver device needs to lay claim to its authenticity, it is generally referred to as the "claimant", while the transmitter device needs to verify the authenticity of the claimant, and so is referred to as the "verifier".
Predetermined standards have been created for use by devices related to the recording and reproduction of optical discs, in order to protect copyrights. Here, the issue is whether a device conforms to the predetermined standard. Accordingly, the "verification of the authenticity" described above is performed by "judging whether a device conforms to the predetermined standard".
An example of a conventional authentication technique is a one-way authentication method using the encryption techniques taught by the ISO/IEC (International Organization for Standardization/International Electrotechnical Commission) 9798-2 Standard. This authentication method is based on the claimant having secret data called a claimant key which it uses to prove its authenticity to the verifier without transmitting the claimant key itself. In this setup, the verifier selects data and transmits this to the claimant. This process is called "challenge", in which the transmitted data (called "challenge data") is set at 64 bits in accordance with the ISO/IEC 9798-2 Standard.
The claimant encrypts the challenge data using an encryption algorithm and the claimant key. Here, the encryption is such that even if an unauthorized third party obtains both the challenge data and the encryption result, it will still be impossible to derive the claimant key from these values. The claimant transmits the encrypted data to the verifier as "response data".
The verifier, which receives the response data, is provided with a decryption algorithm corresponding to the encryption algorithm and a verifier key, which it uses to decrypt the response data. The verifier then compares the decryption result with the challenge data. When these match, the verifier judges that the claimant is in possession of the valid claimant key, and so verifies the authenticity of the claimant. This one-way authentication is completed at the point when one device proves its authenticity to the other device, though one-way authentication processing may be repeated by switching the verifier and the claimant so that each device can verify the authenticity of the other device (this method is called "two-way authentication").
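The one-way challenge-response exchange described above, in its secret key form, as an added example that is not taken from the patent or from ISO/IEC 9798-2. The block cipher is a stand-in Feistel construction built on HMAC-SHA256 so that the example runs with the Python standard library only; the round count, function names and key values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ROUNDS = 8  # assumption: round count of the stand-in cipher, not from the page

def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function: 32 bits taken from HMAC-SHA256(key, round || half).
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 64-bit block cipher (balanced Feistel network)."""
    left, right = block[:4], block[4:]
    for i in range(ROUNDS):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right

def decrypt_block(key: bytes, block: bytes) -> bytes:
    # Undo the rounds in reverse order; inverse of encrypt_block.
    left, right = block[:4], block[4:]
    for i in reversed(range(ROUNDS)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right

def new_challenge() -> bytes:
    # Verifier: fresh, unpredictable 64-bit challenge data.
    return secrets.token_bytes(8)

def respond(claimant_key: bytes, challenge: bytes) -> bytes:
    # Claimant: response data is the challenge encrypted under the claimant key.
    return encrypt_block(claimant_key, challenge)

def verify(verifier_key: bytes, challenge: bytes, response: bytes) -> bool:
    # Verifier: decrypt the response and compare it with the challenge it sent.
    if len(response) != 8:
        return False
    return hmac.compare_digest(decrypt_block(verifier_key, response), challenge)

def run_exchange(claimant_key: bytes, verifier_key: bytes) -> bool:
    # One complete exchange: challenge, response, verification.
    challenge = new_challenge()
    return verify(verifier_key, challenge, respond(claimant_key, challenge))
```

Because the verifier draws a new challenge for every exchange, a response recorded from an earlier exchange does not verify against a later challenge.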
There are two encryption systems used for authentication methods: a secret key encryption system and a public key encryption system. In these encryption systems, a key used for generating response data is referred to as the "claimant key", while a key used for verifying the authenticity of the response data is referred to as the "verifier key".
In the secret key encryption system, the same key can be used as the claimant key and the verifier key. Accordingly, both the claimant key and the verifier key must be kept secret when using secret key encryption.
In the public key encryption system, different keys are used as the claimant key and the verifier key. Accordingly, while the claimant key should be kept secret, the verifier key does not have to be kept secret (the key which should be kept secret is referred to as the "secret key", and the key which does not have to be kept secret is referred to as the "public key").
When performing the secret key encryption using computer software, the processing time can be reduced. Also, when performing the secret key encryption using hardware, the apparatus can be realized compactly. On the other hand, there is a drawback with the secret key encryption system in that not only the claimant key but also the verifier key should be kept secret. When, for example, the claimant key is changed, it becomes necessary to change the verifier key, too. However, a verifier key corresponding to the new claimant key of the claimant cannot be transmitted to the verifier via the communication link, since data on the communication link is in principle not secure against unauthorized copying and thus its secrecy is not fully protected. Accordingly, there is a difficulty in changing the claimant key of the claimant. Since all devices in the secret key encryption system have the same secret information (regardless of whether it is nominally a claimant key or a verifier key), once this secret information leaks out, the secrecy of the entire system breaks down.
As for the public key encryption system, it is widely known that extensive numerical calculations are required to perform public key encryption. Performing the public key encryption using standard computer software requires great amounts of processing time. Also, in order to perform the public key encryption using specialized hardware, the hardware needs to be large-scale. While the public key encryption system has these drawbacks, the system has an advantage in that the verifier key used for verifying the authenticity of the response data does not have to be kept secret but can be made public in an authentication method in challenge-response format. Security of the authentication method using the public key encryption can be maintained even when the verifier key is known. When, for example, the claimant key is changed, a verifier key corresponding to the new claimant key can be transmitted from the claimant to the verifier via the communication link. Thus, the authentication method in challenge-response format using the public key encryption system is more flexible than the authentication method in challenge-response format using the secret key encryption system, as it can change the claimant key without affecting the security of the entire system (due to the reasons described above, authentication methods which use both secret and public keys can be regarded as more secure than authentication methods which use only secret keys).
There is a range of choices concerning authentication methods using the public key encryption system. For example, there is an inverse relation in the authentication methods between security and processing speed (when using computer software) or hardware scale (when using specialized hardware).
Thus, there are an increasing number of verifier methods and claimant methods to choose from, including public key encryption utilization methods and secret key encryption utilization methods. As a result, when developing new products related to the recording and reproduction of video productions, it is possible to implement optimum verifier and claimant methods for the hardware scale and processing speed of the new products.
While it is desirable for producers who intend to develop new products to have a wide variety of verifier and claimant methods to choose from, there is also a danger of authentication failure when certain types of verifiers are connected with certain types of claimants. For instance, when authentication is performed between a verifier which has a verifier method using the public key encryption and a claimant which has a claimant method using the secret key encryption, the two devices cannot perform the authentication properly. Also, when the verifier and the claimant both perform authentication using the secret key encryption but with different versions of the software or hardware, each device cannot verify the authenticity of the other device.
In order to avoid such inconsistencies, producers need to develop verifiers and claimants which are capable of executing as large a number of versions of authentication protocols in challenge-response format as possible. For example, a verifier can be provided with hardware for a first verifier method using the public key encryption system and hardware for a second verifier method using the secret key encryption system. When a claimant has only a second claimant method using the secret key encryption system, both devices can perform authentication successfully.
However, when both the verifier and the claimant are capable of executing a plurality of verifier and claimant methods respectively, a less secure verifier/claimant method may be automatically selected by the verifier and the claimant, so that a more secure verifier/claimant method which is possessed by both devices may not be utilized. For instance, when the claimant is provided with a first claimant method using the public key encryption and the second claimant method using the secret key encryption, the verifier and the claimant may choose the less secure second verifier/claimant method using the secret key encryption to perform authentication. As a result, the more secure first verifier/claimant method using the public key encryption may not be utilized.
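The selection problem described in the preceding three paragraphs, as an added example that is not taken from the patent: an order-dependent choice settles on the weaker method even though both devices implement the stronger one, while a ranked choice does not, and both fail when the devices share no method. The method labels and the numeric ranking are assumptions; the ranking follows the text's statement that the public key method is the more secure of the two.

```python
# Hypothetical method labels with an assumed security ranking (higher = stronger).
# Public key above secret key follows the text; the order of the two secret key
# versions is an assumption made only for this example.
SECURITY_RANK = {"secret-key-v1": 1, "secret-key-v2": 2, "public-key-v1": 3}

class NoCommonMethod(Exception):
    """Verifier and claimant share no method, so authentication cannot proceed."""

def first_match(verifier_methods, claimant_methods):
    # Order-dependent selection: take the first claimant method that the
    # verifier also implements, whatever its strength.
    for method in claimant_methods:
        if method in verifier_methods:
            return method
    raise NoCommonMethod(f"{verifier_methods} vs {claimant_methods}")

def strongest_common(verifier_methods, claimant_methods):
    # Ranked selection: among the methods both devices implement, pick the one
    # with the highest rank; labels without a known rank are never selected.
    common = set(verifier_methods) & set(claimant_methods)
    ranked = [m for m in common if m in SECURITY_RANK]
    if not ranked:
        raise NoCommonMethod(f"{verifier_methods} vs {claimant_methods}")
    return max(ranked, key=SECURITY_RANK.__getitem__)

def can_authenticate(verifier_methods, claimant_methods) -> bool:
    # True when at least one ranked method is implemented on both sides.
    try:
        strongest_common(verifier_methods, claimant_methods)
        return True
    except NoCommonMethod:
        return False
```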
The above explanation has focused on authentication techniques, although the problems stated above are not limited to such techniques. When there are a plurality of choices of encryption utilization protocols for protecting the copyrights and secrecy of video productions which are to be transmitted between a plurality of devices, the transmitter device and the receiver device may use different versions of an encryption utilization protocol. As a result, the receiver device may fail to decrypt the video productions which have been encrypted by the transmitter device. Also, the transmitter device may use an encryption utilization protocol which the receiver device does not possess to encrypt the video productions and transmit them to the receiver device, which as a result cannot decrypt the encrypted video productions.
Thus, the danger of a "non-communicative state", caused by having a plurality of choices of encryption utilization protocols, is not limited to the authentication techniques, but concerns every communication system which has a plurality of choices of encryption utilization protocols.